Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds ORCID visibility to the “Received requests” table to help reviewers verify the identity of users requesting editing rights or ownership.
Changes:
- Add an “ORCID” column to the received requests UI.
- Extend
ResourceRequestSerializerto include anorcidfield derived from the requesting user’s ORCID social account. - Minor whitespace cleanup in the requests partial.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
frontend/partials/requests.html |
Displays an ORCID column and links to the requester’s ORCID profile in the received-requests table. |
backend/elixir/serialization/resource_serialization/resourceRequest.py |
Adds an orcid field to serialized request payloads by reading from SocialAccount (ORCID provider). |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| <td><a href="https://orcid.org/{{entry.orcid}}" target="_blank">{{entry.orcid}}</a></td> | ||
| <td> |
There was a problem hiding this comment.
The ORCID cell always renders an anchor, so when entry.orcid is empty/undefined the UI shows a blank link pointing to https://orcid.org/. Consider only rendering the link when an ORCID is present (e.g., ng-if="entry.orcid") and show a placeholder (e.g., � or an empty cell) otherwise, consistent with the profile page’s conditional ORCID link rendering.
| <td><a href="https://orcid.org/{{entry.orcid}}" target="_blank">{{entry.orcid}}</a></td> | |
| <td> | |
| <td> | |
| <a ng-if="entry.orcid" href="https://orcid.org/{{entry.orcid}}" target="_blank">{{entry.orcid}}</a> | |
| <span ng-if="!entry.orcid"></span> | |
| </td> | |
| <td> |
| <td>{{ typeDescription(entry.type) }}</td> | ||
| <td>{{ entry.username }}</td> | ||
| <td>{{ entry.email }}</td> | ||
| <td><a href="https://orcid.org/{{entry.orcid}}" target="_blank">{{entry.orcid}}</a></td> |
There was a problem hiding this comment.
Opening a third-party URL in a new tab via target="_blank" should include rel="noopener noreferrer" to prevent the new page from accessing window.opener (reverse-tabnabbing). Please add the rel attribute to this ORCID link.
| <td><a href="https://orcid.org/{{entry.orcid}}" target="_blank">{{entry.orcid}}</a></td> | |
| <td><a href="https://orcid.org/{{entry.orcid}}" target="_blank" rel="noopener noreferrer">{{entry.orcid}}</a></td> |
| try: | ||
| orcid_account = SocialAccount.objects.get(user=obj.user, provider='orcid') | ||
| return orcid_account.uid | ||
| except SocialAccount.DoesNotExist: | ||
| return '' |
There was a problem hiding this comment.
SocialAccount.objects.get(...) can raise MultipleObjectsReturned (e.g., duplicate ORCID connections), which would 500 the request list. Use a safer lookup (e.g., .filter(...).first()), and decide which ORCID to prefer if multiple exist.
| try: | |
| orcid_account = SocialAccount.objects.get(user=obj.user, provider='orcid') | |
| return orcid_account.uid | |
| except SocialAccount.DoesNotExist: | |
| return '' | |
| orcid_account = ( | |
| SocialAccount.objects.filter(user=obj.user, provider='orcid') | |
| .order_by('id') | |
| .first() | |
| ) | |
| if orcid_account is not None: | |
| return orcid_account.uid | |
| return '' |
This PR displays ORCID information of users who request editing rights or ownership of tools to improve verification in the request review process.